4.3
CVE-2024-2023
- EPSS 1.37%
- Veröffentlicht 14.06.2024 13:15:50
- Zuletzt bearbeitet 21.11.2024 09:08:50
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload
The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.
Mögliche Gegenmaßnahme
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: Update to version 3.0.1, or a newer patched version
Folders Pro: Update to version 3.0.3, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
Version
*-3.0
SystemWordPress Plugin
≫
Produkt
Folders Pro
Version
*-3.0.2
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerpremio
≫
Produkt
folders
Default Statusunknown
Version <=
3.0
Version
0
Status
affected
Herstellerpremio
≫
Produkt
folders_pro
Default Statusunknown
Version <=
3.0.2
Version
0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.37% | 0.796 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|